Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for secure data sharing between applications in a computing device, comprising: obtaining, by a first application executed by the computing device, an identity certificate associated with the first application, wherein the identity certificate comprises: a unique identifier associated with the computing device, and a public key associated with the first application; authenticating the first application with a management computing environment, over a computer network, using the identity certificate associated with the first application and the unique identifier associated with the computing device; obtaining a plurality of public keys from the management computing environment in response to authenticating the first application with the management computing environment, the plurality of public keys being associated with a plurality of other applications known to the management computing environment to be executing on the computing device; causing the plurality of public keys obtained from the management computing environment to be stored in a key store of the computing device; causing, by the first application, an encrypted data package to be generated using a public key associated with a second application among the plurality of other applications; and causing, by the first application, the encrypted data package to be communicated to the second application through an inter-application communication process.
2. The method according to claim 1, further comprising: prior to causing the encrypted data package to be generated, confirming a revocation status of the public key associated with the second application through a certificate status protocol communication; and causing the revocation status of the public key associated with the second application to be cached in the key store of the computing device.
3. The method according to claim 2, further comprising: causing the revocation status to be cached for a length of time based on a time to live (TTL) parameter received through the certificate status protocol communication.
4. The method according to claim 1, wherein the encrypted data package includes a signature of the first application.
5. The method according to claim 4, further comprising: generating, by the first application, a key pair, the key pair comprising the public key associated with the first application and a private key associated with the first application; and signing a hash of data in the encrypted data package with the private key associated with the first application to generate the signature of the first application.
6. The method according to claim 1, wherein obtaining the identity certificate for the first application comprises sending a certificate signing request to a certificate authority.
7. The method according to claim 1, further comprising: receiving, by the first application, a second encrypted data package, the second encrypted data package being generated by a second application executed by the computing device; and decrypting the second encrypted data package using a private key associated with the first application.
8. The method according to claim 7, further comprising: verifying a signature of the second application to determine an identity of the second application.
9. A non-transitory computer-readable medium embodying program code for secure data sharing between applications that, when executed by a computing device, directs the computing device to at least: obtain, by a first application executed by the computing device, an identity certificate associated with the first application, wherein the identity certificate comprises: a unique identifier associated with the computing device, and a public key associated with the first application; authenticate the first application with a management computing environment, over a computer network, using the identity certificate associated with the first application and the unique identifier associated with the computing device; obtain a plurality of public keys from the management computing environment in response to authentication of the first application with the management computing environment, the plurality of public keys being associated with a plurality of other applications known to the management computing environment to be executing on the computing device; cause the plurality of public keys obtained from the management computing environment to be stored in a key store of the computing device; cause, by the first application, an encrypted data package to be generated using a public key associated with a second application among the plurality of other applications; and cause, by the first application, the encrypted data package to be communicated to the second application through an inter-application communication process.
10. The non-transitory computer-readable medium according to claim 9, wherein the computing device is further directed to at least: confirm a revocation status of the public key associated with the second application through a certificate status protocol communication; and cause the revocation status of the public key associated with the second application to be cached in the key store of the computing device.
11. The non-transitory computer-readable medium according to claim 10, wherein the computing device is further directed to at least: cause the revocation status to be cached for a length of time based on a time to live (TTL) parameter received through the certificate status protocol communication.
12. The non-transitory computer-readable medium according to claim 9, wherein the encrypted data package includes a signature of the first application.
13. The non-transitory computer-readable medium according to claim 12, wherein the computing device is further directed to at least: generate, by the first application, a key pair, the key pair comprising the public key associated with the first application and a private key associated with the first application; and sign a hash of data in the encrypted data package with the private key associated with the first application to generate the signature of the first application.
14. The non-transitory computer-readable medium according to claim 9, wherein the computing device is further directed to at least: receive, by the first application, a second encrypted data package, the second encrypted data package being generated by a second application executed by the computing device; and decrypt the second encrypted data package using a private key associated with the first application.
15. The non-transitory computer-readable medium according to claim 14, wherein the computing device is further directed to at least: verify a signature of the second application to determine an identity of the second application.
16. A computing device for secure data sharing between applications, comprising: a memory device configured to store computer-readable instructions thereon; and at least one processing device configured, through execution of the computer-readable instructions, to direct the computing device to at least: obtain, by a first application executed by the computing device, an identity certificate associated with the first application, wherein the identity certificate comprises: a unique identifier associated with the computing device, and a public key associated with the first application; authenticate the first application with a management computing environment, over a computer network, using the identity certificate associated with the first application and the unique identifier associated with the computing device; obtain a plurality of public keys from the management computing environment in response to authentication of the first application with the management computing environment, the plurality of public keys being associated with a plurality of other applications known to the management computing environment to be executing on the computing device; cause the plurality of public keys obtained from the management computing environment to be stored in a key store of the computing device; cause, by the first application, an encrypted data package to be generated using a public key associated with a second application among the plurality of other applications; and cause, by the first application, the encrypted data package to be communicated to the second application through an inter-application communication process.
17. The computing device according to claim 16, wherein the computing device is further configured to at least: confirm a revocation status of the public key associated with the second application through a certificate status protocol communication; and cause the revocation status of the public key associated with the second application to be cached in the key store of the computing device.
18. The computing device according to claim 17, wherein the computing device is further directed to at least: cause the revocation status to be cached for a length of time based on a time to live (TTL) parameter received through the certificate status protocol communication.
19. The computing device according to claim 16, wherein the encrypted data package includes a signature of the first application.
20. The computing device according to claim 19, wherein the computing device is further directed to at least: generate, by the first application, a key pair, the key pair comprising the public key associated with the first application and a private key associated with the first application; and sign a hash of data in the encrypted data package with the private key associated with the first application to generate the signature of the first application.
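The on-device half of claims 1 through 8, as an added example in Go that is not from the patent or from any product implementing it: a key store holding the public keys obtained from the management environment together with a TTL-bounded revocation cache, plus building and opening an encrypted data package that carries the sender's signature over a hash of its contents. RSA-OAEP and RSA-PSS, the string application identifiers and the in-memory maps are assumptions (the claims name no algorithms); certificate enrolment and authentication to the management environment are left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

// Status is one cached certificate-status answer, trusted only until Expires (claims 2, 3).
type Status struct{ Revoked bool; Expires time.Time }

// KeyStore: public keys fetched from the management environment, keyed by an assumed
// string application id, plus the cached revocation status of each (claim 1).
type KeyStore struct{ Keys map[string]*rsa.PublicKey; Status map[string]Status }

// RecipientKey returns appID's key only when its cached status is fresh and not revoked;
// a missing or expired entry forces the caller to repeat the status check first.
func (ks *KeyStore) RecipientKey(appID string, now time.Time) (*rsa.PublicKey, error) {
	pub, ok := ks.Keys[appID]
	st, cached := ks.Status[appID]
	switch {
	case !ok:
		return nil, errors.New("no key for " + appID)
	case !cached || !now.Before(st.Expires):
		return nil, errors.New("revocation status for " + appID + " is missing or stale")
	case st.Revoked:
		return nil, errors.New("key for " + appID + " is revoked")
	}
	return pub, nil
}

// Seal builds the encrypted data package: data sealed to the recipient with RSA-OAEP, then
// SHA-256 of the ciphertext signed with the sender's private key via RSA-PSS (claims 1, 4, 5).
func Seal(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, data []byte) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, data, nil); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// Open verifies the sender's signature before decrypting, so an unattributed or
// tampered package is rejected without ever being opened (claims 7, 8).
func Open(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, errors.New("sender signature invalid: " + err.Error())
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, ct, nil)
}
```

RSA-OAEP limits the payload to one key-sized block, so a real package would wrap a fresh symmetric key this way and encrypt the bulk data with it.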
August 31, 2021